Could you share steps for tomcat 7 on Ubuntu?

am0awad · March 1, 2018, 11:17pm

I want help in setting certificate for configuring tomcat 7 on Ubuntu.
I tried many things but not success only HTTP works.
Could you share server.xml, I am using this:

<Connector executor="tomcatThreadPool"
            port="8080" protocol="HTTP/1.1"
            connectionTimeout="20000"
            redirectPort="8443" />
 <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
            maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
            keystoreType="PKCS12"
            keystoreFile="/root/example.com.jks"
            keystorePass="pass"
            clientAuth="false" sslProtocol="TLS" />

What’s the problem instance on AWS and I opened 8443 but not connecting.
Installation process: https://computingforgeeks.com/tomcat-7-with-letsencrypt-ssl-certificate/

schoen · March 1, 2018, 11:20pm

Hi @am0awad,

What’s the real domain name?

When you try to connect, do you see a browser error or does the connection simply time out?

Did you already successfully obtain a certificate and convert it into JKS format?

_az · March 1, 2018, 11:26pm

Based on the “connection refused” error, Tomcat is not listening on 8443.

What’s this show:

ss -tlnp

also

keytool -list -keystore /root/example.com.jks -storepass pass

and please show your logs/catalina.out output for the most recent start as well.

am0awad · March 1, 2018, 11:29pm

ss -tlnp

State      Recv-Q Send-Q             Local Address:Port                            Peer Address:Port
LISTEN     0      128                            *:22                                         *:*                   users:(("sshd",pid=14785,fd=3))
LISTEN     0      128                           :::22                                        :::*                   users:(("sshd",pid=14985,fd=4))
LISTEN     0      1               ::ffff:127.0.0.1:8005                                      :::*                   users:(("java",pid=23000,fd=58))
LISTEN     0      100                           :::8080                                      :::*

keytool -list -keystore /root/example.com.jks -storepass pass

keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect

_az · March 1, 2018, 11:33pm

Well, it looks like either your keystore password is wrong in the configuration, or you haven’t set the keystore up at all.

I have to hop into a meeting now, but basically:

Acquire a certificate using Certbot or another Let’s Encrypt client. Have you done this or not?
Export the certificate you acquired from /etc/letsencrypt and import it into a keystore file that Tomcat can read
Point Tomcat at that keystore file with the correct passphrase.

This post can help you with steps 2 and 3.

am0awad · March 2, 2018, 10:08pm

Hi @_az,

Solved thank you.

,Thanks.

system · April 1, 2018, 10:08pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.